first commit
e74f05f418
3 changed files with 81 additions and 0 deletions
28
README.md
Normal file
@ -0,0 +1,28 @@
# Backup
Personal backup application
## Threat Model
### Objectives
- Data is securely encrypted at rest and cannot be extracted without the repository private key
- Data can be verified to come from any specific device
- Without the encryption key it should be possible to make a safe guess as to what data is no longer in use.
- Access to the repository private key requires hardware-backed multi-factor access
- An attacker with write-access to the storage backend should not be able to modify or forge data in an unnoticeable manner
- The backup clients cannot cause harm to the already backed-up data.
### Out of scope
- The owner gives an attacker both the hardware key and the password to it
- The backup server host is compromised
- An attacker with write-access to the storage backends deleting or otherwise destroying the data contained within.
- An attacker with write-access to the backed up device can modify the data that is backed up
### Diagrams
#### Creating a repository
![UML Diagram of repository creation](./docs/uml/create-repo.svg)
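Review bot: the objectives and the out-of-scope list leave the client's privileges on the storage backend undefined, and that gap decides whether the last objective is achievable. "The backup clients cannot cause harm to the already backed-up data" only holds if client credentials are append-only (write new objects, never overwrite or delete), yet the out-of-scope entry "An attacker with write-access to the storage backends deleting or otherwise destroying the data" reads as if write access implies the ability to delete; state explicitly what a client may do on the backend and whether "write-access" means the same thing in both entries. Two smaller points: the third objective ("Without the encryption key it should be possible to make a safe guess as to what data is no longer in use") is a deliberate metadata leak, since whoever holds the backend learns which objects are live and when they stop being referenced, so it should be written as an accepted trade-off against the first objective rather than as an unrelated goal; and "storage backend", "backup server host" and "Backend" (in the diagram) are used without saying whether they are the same component, which matters because compromise of one is out of scope while tampering by one is in scope. Consider also stating whether rollback (replacing the repository with an older but validly authenticated state) counts as "modify or forge data in an unnoticeable manner".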
32
docs/uml/create-repo.svg
Normal file
File diff suppressed because one or more lines are too long
After: 15 KiB
21
docs/uml/create-repo.uml
Normal file
@ -0,0 +1,21 @@
@startuml
actor User
autoactivate on
User -> Backup : Create Repository
Backup -> Backup : generate P-256 key pair
return keypair
Backup -> Yubikey : Read the public key of the YubiKey
return public key
Backup -> Backup : Calculate ECDHE shared secret
return shared secret
Backup -> Backup : Generate Curve 25519 key pair
return keypair
Backup -> Backup : Generate encyption key from the shared secret
return encryption key
Backup -> Backup : Encrypt the private key with the encryption key
return encrypted private key
Backup -> Backend : Store the encrypted private key and public key
return success
return success
@enduml
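Review bot: the sequence never says which of the two generated private keys is the one that gets encrypted and stored, or what happens to the other, and that is the one thing a reader needs from a key-setup diagram. Two key pairs are produced ("generate P-256 key pair" and "Generate Curve 25519 key pair"), but "Encrypt the private key with the encryption key" and "Store the encrypted private key and public key" each refer to a single, unnamed pair. If the Curve25519 pair is the repository key and the P-256 pair is the ephemeral side of the ECDH with the YubiKey, show the P-256 private key being discarded and the P-256 public key being stored next to the encrypted Curve25519 private key, because without it the YubiKey cannot recompute the shared secret at unlock time; as written, "Store the encrypted private key and public key" could mean either public key. Related: "Calculate ECDHE shared secret" is ECDH with one ephemeral key and one static YubiKey key, so label it that way, and name the derivation in "Generate encyption key from the shared secret" (a KDF over the raw shared secret, not the secret used directly) and the cipher in "Encrypt the private key" (an AEAD, so the wrapped key is integrity-protected). The generated P-256 pair also has to be on the same curve as the YubiKey's key, which the diagram assumes but does not state. Finally, "encyption" is misspelled.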